Measures and actions: they want to fight fraudsters by delaying SMS for 15 minutes and using a special button

Install a special button in banking applications to make it easier to report fraudsters to the police, and introduce a 15-minute delay when sending an SMS with a transaction confirmation code - these proposals by the Central Bank and the Ministry of Finance were the most striking at the plenary session of the Urals Forum on Cybersecurity in 2025. The authorities looked at this topic very broadly: they argued about blocking calls through messengers and about the confirmation of operations by a "second person". Also the head of the regulator Elvira Nabiullina told about a new virus SpyNote, which monitors the phone and empties accounts. And the head of Kaspersky Lab, Eugene Kaspersky, warned that criminals are actively using dipfakes - a trend that the state has yet to cope with. What has already been done to protect citizens and what the authorities will focus on in the future - in the material "Izvestia".

How fraudsters deceive Russians

The largest Russian forum for discussing challenges related to cybersecurity started on February 19 in Yekaterinburg. Although it is called "Security in Finance" and the main organizer is the Central Bank, the fight against fraudsters is now being fought on a broader front: in addition to representatives of the financial community, the head of the Ministry of Finance Maksut Shadaev, Deputy Interior Minister Andrei Khrapov, and Deputy Prosecutor General Sergei Zaitsev took part in the discussion.

Chairman of the Central Bank Elvira Nabiullina said that last year fraudsters stole more than 27 billion rubles from citizens. She emphasized that banks used to underestimate the level of damage. Supervisory measures had to be applied, and now the data have become more indicative.

Last year the law that introduces a two-day cooling off period for money transfers became effective, and it made life more difficult for fraudsters. Now major banks suspend for two days every month about 300 thousand transfers to suspicious accounts from the database of the Bank of Russia. During this time, more than half of citizens have time to understand the situation and cancel the transfer to intruders.

Banks have almost stopped allowing transfers to suspicious accounts from the database of the Central Bank, Nabiullina added. In fact, such accounts of fraudsters become disposable. It is indicative that the price of a dropper card on the black market has grown from 10-15 thousand to 70 thousand. However, because of this, attackers are more likely to use cash and couriers to get the victim's money.

Another trend of the last year is the growth of credit fraud. It accounts for about 40% of the total amount of stolen funds. However, this year a law against such crimes has been adopted. In particular, a cooling-off period is introduced before issuing consumer loans.

The head of the Central Bank added: in the second half of last year, another new type of fraud began to spread - the SpyNote virus with remote phone access functions. It mimics harmless programs, and with its help criminals first monitor the phone, see passwords and SMS, and then easily remotely open a banking application and take money. In the last six months, about 40-50% of account thefts have been committed in this way.

The applications of large banks are protected against such viruses, but smaller players do not have such systems. The Central Bank will work to ensure that all financial organizations eliminate this problem by April at the latest.

How the authorities will fight fraudsters

Also, the Bank of Russia plans to simplify for citizens the filing of fraud reports, Nabiullina said. Since October 2025, the Central Bank wants to oblige credit organizations to introduce a special button for such appeals - then the victims will be able to get the necessary certificate online to contact the police.

- Now only a third of people who have been victimized by fraudsters go to the bank or the police. The goal is to make more citizens tell the authorities if such a thing happens to them, - emphasized the head of the Central Bank.

The Association of Banks of Russia immediately supported this initiative: the financial community will work out the regulator's proposal for a special button, Anatoly Kozlachkov, president of the organization, told Izvestia. However, he noted that in order to comply with the legislative norms, credit organizations need time and resources to finalize their systems. That is, it is impossible to predict when such a button will appear.

The government has already approved a package of amendments to combat telephone and Internet fraud, said Maksut Shadaev. According to him, a number of other measures are being developed. For example, on the labeling of calls - so that each subscriber knows from whom the call comes. It is also necessary that SMS with the code of confirmation of the bank operation should not be sent during the call, but only after 15 minutes. This way a person will have time to realize that fraudsters may have called.

We are also discussing a measure in which a bank client could specify a second person to confirm transactions - especially for the older generation and children, added Maksut Shadaev. According to him, such assistance can be applied for when applying for loans, withdrawing money.

Such confirmation of loan applications will make the life of fraudsters much more difficult, said Andrei Barkhota. They often play on people's emotions and push them to act faster to avoid the imaginary threat. If a second person, who is not under the influence of attackers, is included in this process, the probability of success for them will be significantly reduced.

A 15-minute delay in sending SMS codes will also protect the public, because in this case the fraudsters will have to keep the victim in touch and under control during this entire time, added Andrei Barkhota. This will require extraordinary skills of psychophysical influence. In any case, there is a chance that during this time the victim will have time to come to his senses and stop the process.

How Russia will toughen punishment for droppers

Droppers often help fraudsters to withdraw money by giving them their bank details. The Ministry of Internal Affairs has drafted a bill to toughen penalties for droppers. The Central Bank supports the introduction of not only property, but also criminal liability for them, said Elvira Nabiullina at the plenary session. She noted that teenagers are often involved in such activities. Therefore, the Central Bank proposed to introduce parental notification of opening accounts and transactions by children until their majority.

However, toughening of responsibility for dropperism will hardly be a decisive argument in the fight against this phenomenon, economist Andrei Barkhota is sure. As it has been noted many times, young people often trust outsiders with their cards, not realizing all the consequences.

- It is much more important to work with the technical side of the processes - for example, to tighten the confirmation of each questionable operation by banks or to lengthen the delay periods before transferring funds, - believes Andrei Barkhota.

What are the dangers of calls via messengers?

The problem of telephone fraud is also gaining new momentum: calls are often used to "slip" a spyware program into a phone, Kaspersky Lab CEO Eugene Kaspersky told the Urals Forum. Moreover, the attackers mainly dial through messengers, which is much more difficult to fight.

Calls of fraudsters through such services are much more difficult to monitor and block, because they work through the Internet and are not subject to national laws on communications, explained Freedom Finance Global analyst Vladimir Chernov. Ordinary telephone communication is regulated by operators and government agencies, and is more protected from intruders. In addition, messengers often have end-to-end encryption, which makes it technically difficult to intercept and analyze calls.

Experts criticized the proposal of the Ministry of Finance to prohibit banks and government agencies from making calls via messengers: fraudsters will continue to communicate with people in this way and mislead them, said Eugene Kaspersky.

According to him, it is much more important to launch spam filtering in messengers, as it already works for mail. However, as stated by the head of the Ministry of Digital Media Maksut Shadaev, in order to implement such a measure, will have to give access to correspondence and calls to third-party programs, which now can not be done without the consent of the user. The Central Bank did offer to try out such a system voluntarily.

For calls through messengers, fraudsters mainly use IP-telephony - it is a telephone communication, which itself works through the Internet, said Oleg Abelev, head of the analytical department of the investment company "Rikom-Trust". This makes tracking such calls even more difficult - this method gives criminals the opportunity to use fake numbers, which greatly increases the level of anonymity. In addition, virtual numbers through which calls are made can be quickly purchased and also quickly sold.

Internet connection itself is usually through Wi-Fi network, the trace of which is additionally confused by VPN-services - they are able to substitute the IP-address of the device with server data from another country, said economist Andrei Barkhota. This makes it difficult to sort out contacts with the fraudster even after the offense has been committed.

Calls of phone scammers from Ukraine

In 2022, the connection of many crimes of phone scammers with the Ukrainian Armed Forces was clearly seen, said Minister of Digital Development, Communications and Mass Media Maksut Shadaev. Crimes are indeed often committed from abroad or using foreign infrastructure, Deputy Prosecutor General Sergei Zaitsev said at the Urals Forum. And so far only every fourth such case has been solved.

At the same time, the Russian and U.S. authorities are now starting to discuss the settlement of the Ukrainian conflict. On February 18, delegations of the two countries met in Saudi Arabia. Nevertheless, in the event of the end of the SWO, the pressure of fraudsters on Russians is unlikely to subside, suggested Vladimir Chernov of Freedom Finance Global. The desire to steal from abusers isn't going anywhere. At the same time, the methods of their work develop mostly autonomously, and the new information agenda only adds to the variants of scenarios for deceiving victims, said Andrei Barkhota.

How dipfakes are used to deceive citizens

In 2024, scammers have also improved technologies for deception. They began to use artificial intelligence on a mass scale, creating dipfeaks, said Eugene Kaspersky. And this trend appeared in Latin America, and then came to us.

Now we are discussing a measure to make the use of dipfeaks an aggravating circumstance for deceiving citizens, emphasized Maksut Shadaev. In addition, it is necessary to develop applications that will recognize fakes in real time.

In the State Duma introduced a bill with the initiative to take a biometric sample of the voice of fraudsters and enter them into a database, and then track whether it is used to deceive. Thus, an antivirus program will be able to recognize, for example, that a call is made with the use of a dipshake with a 90% probability, explained Maksut Shadaev.

In 2024, losses from fraud using dipfeiks amounted to about 250-300 billion rubles, specified in Rikom-Trust. It is obvious that the authorities will pay full attention to this threat, as it carries much more danger than many other types of fraud.